• Post Reply Bookmark Topic Watch Topic
  • New Topic

Single sign out

 
vicky verma
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi......

I am working on one project.where i have to provide a functionality of single sign out.

my client want a to access all his product side through on login name and password.

second thing that he want is to provide a functionality to sign out out from one of his site and all the remaining site to open until he dose not logout that particular site.

is this functonality is possible

please give the suggesation on the same.

Thanks in advance.
[ December 08, 2007: Message edited by: Ben Souther ]
 
Katrina Owen
Sheriff
Posts: 1367
18
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, I'm trying to get a clear idea of what you are asking, please correct me if I am wrong.

Your client has a large site with multiple sections.
Your client wants to log in ONCE, and be logged in to all the sections simultaneously.
Your client wants to be able to log out of a single section, while remaining logged in to all other sections.

Is this correct?
 
Stan James
(instanceof Sidekick)
Ranch Hand
Posts: 8791
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Single sign on as described by Katrina is complex but pretty well worked out. It's just tricky enough that a commercial product will likely be many times better than anything you write. We use a product called SiteMinder ... Google for the company information. Before that we had a home-made one that worked in a similar manner but we're retiring that where we can.

The basic idea is to put a filter or single controller servlet in front of your application. If a user request has a security cookie then they have already logged on one of the cooperating systems and you can let them through. If not, redirect them to a logon screen.
 
subodh gupta
Ranch Hand
Posts: 203
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Their are couple of solutions its depends which one you wants obviouly limitaions are their:

1) First of all set the inactive session time to infinite.
2) You can either use application context (hasptable) or database to maintain the count of users logged in and the windows they have openend.
3) Now to now which user is requesting what you need to have the front controller pattern (for all request) if you are using struts RequestProcessor can do the job(just override it.).
4) If the count of the windows he openend reaches 1 and he presses logout just invalidate the session and take him to loggin screen but if count is greater than 1 just decrease the count and take him to the loggin screen.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!